Asset inventory and risk assessment
Assign topic to the user
Answer: Actually, the inventory of assets is not needed, especially when companies are implementing the standard for the first time - it is enough to develop a list of assets in the Risk assessment table, and once this is done this list is simply copied to Inventory of assets.
2 - Also whenever ASSETS in RISK ASSESSMENT TABLE are reviewed the INVENTORY OF ASSETS TABLE as per Annexure is reviewed, is that so?
Answer: Your understanding is correct. Sometimes a risk review identify assets that were not accounted, so the inventory of assets should be updated to include these new assets.
This article will provide you further explanation about asset inventory and risk assessment:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to handle Asset register (Asset inventory) according to ISO 27001 https://a dvisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
These materials will also help you regarding asset inventory and risk assessment:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Dec 22, 2016